Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package yaml, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2026-33532 — CVSS 4.3 (medium): `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3…